AMENDMENTS TO THE SPECIFICATION 
Please replace the paragraph beginning on page 1, line 14, with the following rewritten 
paragraph: 

- This application claims priority to U.S. Provisional Patent Application No. 60/151,531 
entitled "SYSTEM AND METHOD FOR PROVIDING COMPUTER SECURITY" filed 
August 30, 1999, which is incorporated herein by reference for all purposes^;-and-te-U.S. Patent 
Application No. 09/615,697 entitled "SYSTEM AND METHOD FOR COMPUTER 
SECURITY" filed July 14, 2000, which is incorporated herein by reference for all purposes.- 

Please replace the paragraph beginning on page 1, line 10, with the following rewritten 
paragraph: 

--This application is related to co-pending U.S. Patent Application No. 09/651,303 Not 
(Attorney Dock e t No. RECOP012 entitled EXTENSIBLE INTRUSION 
DETECTION SYSTEM filed concurrently herewith, which is incorporated herein by reference 
for all purposes; and co-pending U.S. Patent Application No. 09/651.854 No. 
(Attornoy Dock e t No. RECOP013) entitled SYSTEM AND METHOD FOR USING LOGIN 
CORRELATIONS TO DETECT INTRUSIONS filed concurrently herewith, which is 
incorporated herein by reference for all purposes; and co-pending U.S. Patent Application Na 
09/651.434 No. f Attornoy Doclcot No. RECOPOH) entitled SYSTEM AND 

METHOD FOR USING SIGNATURES TO DETECT COMPUTER INTRUSIONS filed 
concurrently herewith, which is incorporated herein by reference for all purposes; and co- 
pending U.S. Patent Application No. 09/651.304 W (Attornoy Doclcot No. 

RECOP01 5) entitled SYSTEM AND METHOD FOR ANALYZING FILESYSTEMS TO 
DETECT INTRUSIONS filed concurrently herewith, which is incorporated herein by reference 
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for all purposes; and co-pending U.S. Patent Application No. 09/65 1 ,306 Ner - 



Please replace the paragraph beginning on page 88, line 1, with the following rewritten 
paragraph: 

-- Figure 6 illustrates a rule-based system and processes used in some embodiments to 
detect computer intrusions using a hybrid approach in which both fo rward chaining and 
backward chaining are used. Two categories of rule-based systems are those that use forward- 
chaining and those that use backward-chaining. Systems that use forward-chaining (602) start 
with each incoming fact (604) and generate all inferences (606) resulting from the addition of 
that fact to the knowledge base (608) , thereby producing all conclusions that are supported by the 
available facts. Systems that use backwards-chaining (610) start with a goal (614) and search for 
facts that support that goal, producing a structure of subgoals (612) . Both approaches have the 
potential for substantial over-generation: computing inferences that are never used (forward- 
chaining) or hypothesizing sub-goals for which there is no support (backward-chaining). The 
forward- and backward-chaining approaches are analogues of bottom-up and top-down parsing 
in compiler technology.-- 

Please replace the paragraph beginning on page 88, line 1 1, with the following rewritten 
paragraph: 



7//r/ 



(Attorney Doolcot No. RECOP016) entitled SYSTEM AND METHOD FOR DETECTING +//f 
BUFFER OVERFLOW ATTACKS filed concurrently herewith, which is incorporated herein by 
reference for all purposes; and co-pending U.S. Patent Application No. 09/654,347 N ot 

(Attorney Doolcot No. RECOP017) entitled SYSTEM AND METHOD FOR 
USING TIMESTAMPS TO DETECT ATTACKS filed concurrently herewith, which is 
incorporated herein by reference for all purposes.-- 
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, • , • , where in the analysis engine is configured to 
5. (Original) The system as recited m claun 3, wherem y 

35-^^r.oretothegoaL ? ■ 7~T~^r» 

6 r:i».a^-^^ 



7. (Canceled) . 

primary.secondary.andindir.ctsourcesoffaets. 

• ^ i ai «, 2 wherein the analysis engine is configured to 

14. (Original) The system as recited in c '*"^' ^^^^^^[^a^^^^^^^^ 6 
15 W Thesysten.astecitedinc.aintH.wHetein.heanaiysisen^.s^ 

A^^enaeo^.^ — ona 
host, comprising the steps of: 

a) P-idingaso^ceofrulesandasouxceoffac^ f ^ d „ les from the 

b) forward- and backward-chaimng usmg facts from the sour 

source of rules by: inferences- 
(i) using forward chaining to generate one or more mferences. 
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